02-01-2012 11:11 AM
A few days ago we are reported that Norton blocks of constant attacks. Somewhere on the internet I read that hackers had retrieve the source code. Can you tell me what is this?
02-01-2012 11:22 AM - edited 02-01-2012 11:28 AM
Can you tell us the name of the threat that Norton says it is blocking? It should appear in the alert itself or in one of the entries in the Intrusion Prevention logs in Norton History.
It is not related to the reports of the source code theft, which only affects users of pcAnywhere.
02-01-2012 04:03 PM - edited 02-01-2012 04:05 PM
OS Attack: MS PRCSS Attack CVE-2004-01162 is an exploit of an old vulnerability that was patched by Microsoft in 2004, so you are not likely to be susceptible to this specific attack unless you are running an OS that was not patched as listed here:
If you are seeing these only occasionally, especially when you are visiting a particular website, it may just be that the site is compromised and Norton is successfully preventing an exploit hosted there from running on your computer. On the other hand, an OS attack is serious business, and if you are getting these repeatedly it may indicate something already on your system that is connecting out to launch the exploit. When you look in your IPS logs, do you see any entries that list the threat as "System Infected?" If so, you may wish to post to one of the free malware removal forums where trained experts can run tools to find any hidden malware that may be on your PC:
Again, this has absolutely nothing to do with the stolen code from 2006, so persuing that angle will not be very productive.